update kernel submodule to Ubuntu-5.15.0-77.84
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
parent
97585a6faf
commit
6f85177a4f
@ -1,120 +0,0 @@
|
|||||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
||||||
Date: Tue, 2 May 2023 10:25:24 +0200
|
|
||||||
Subject: [PATCH] netfilter: nf_tables: deactivate anonymous set from
|
|
||||||
preparation phase
|
|
||||||
|
|
||||||
Toggle deleted anonymous sets as inactive in the next generation, so
|
|
||||||
users cannot perform any update on it. Clear the generation bitmask
|
|
||||||
in case the transaction is aborted.
|
|
||||||
|
|
||||||
The following KASAN splat shows a set element deletion for a bound
|
|
||||||
anonymous set that has been already removed in the same transaction.
|
|
||||||
|
|
||||||
[ 64.921510] ==================================================================
|
|
||||||
[ 64.923123] BUG: KASAN: wild-memory-access in nf_tables_commit+0xa24/0x1490 [nf_tables]
|
|
||||||
[ 64.924745] Write of size 8 at addr dead000000000122 by task test/890
|
|
||||||
[ 64.927903] CPU: 3 PID: 890 Comm: test Not tainted 6.3.0+ #253
|
|
||||||
[ 64.931120] Call Trace:
|
|
||||||
[ 64.932699] <TASK>
|
|
||||||
[ 64.934292] dump_stack_lvl+0x33/0x50
|
|
||||||
[ 64.935908] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
|
|
||||||
[ 64.937551] kasan_report+0xda/0x120
|
|
||||||
[ 64.939186] ? nf_tables_commit+0xa24/0x1490 [nf_tables]
|
|
||||||
[ 64.940814] nf_tables_commit+0xa24/0x1490 [nf_tables]
|
|
||||||
[ 64.942452] ? __kasan_slab_alloc+0x2d/0x60
|
|
||||||
[ 64.944070] ? nf_tables_setelem_notify+0x190/0x190 [nf_tables]
|
|
||||||
[ 64.945710] ? kasan_set_track+0x21/0x30
|
|
||||||
[ 64.947323] nfnetlink_rcv_batch+0x709/0xd90 [nfnetlink]
|
|
||||||
[ 64.948898] ? nfnetlink_rcv_msg+0x480/0x480 [nfnetlink]
|
|
||||||
|
|
||||||
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
|
|
||||||
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
|
|
||||||
---
|
|
||||||
include/net/netfilter/nf_tables.h | 1 +
|
|
||||||
net/netfilter/nf_tables_api.c | 12 ++++++++++++
|
|
||||||
net/netfilter/nft_dynset.c | 2 +-
|
|
||||||
net/netfilter/nft_lookup.c | 2 +-
|
|
||||||
net/netfilter/nft_objref.c | 2 +-
|
|
||||||
5 files changed, 16 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
|
|
||||||
index 80df8ff5e675..2e720a3dcdf2 100644
|
|
||||||
--- a/include/net/netfilter/nf_tables.h
|
|
||||||
+++ b/include/net/netfilter/nf_tables.h
|
|
||||||
@@ -584,6 +584,7 @@ struct nft_set_binding {
|
|
||||||
};
|
|
||||||
|
|
||||||
enum nft_trans_phase;
|
|
||||||
+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set);
|
|
||||||
void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
|
|
||||||
struct nft_set_binding *binding,
|
|
||||||
enum nft_trans_phase phase);
|
|
||||||
diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
|
|
||||||
index dc276b6802ca..c1e6f07039f1 100644
|
|
||||||
--- a/net/netfilter/nf_tables_api.c
|
|
||||||
+++ b/net/netfilter/nf_tables_api.c
|
|
||||||
@@ -4787,12 +4787,24 @@ static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
+void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
|
|
||||||
+{
|
|
||||||
+ if (nft_set_is_anonymous(set))
|
|
||||||
+ nft_clear(ctx->net, set);
|
|
||||||
+
|
|
||||||
+ set->use++;
|
|
||||||
+}
|
|
||||||
+EXPORT_SYMBOL_GPL(nf_tables_activate_set);
|
|
||||||
+
|
|
||||||
void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
|
|
||||||
struct nft_set_binding *binding,
|
|
||||||
enum nft_trans_phase phase)
|
|
||||||
{
|
|
||||||
switch (phase) {
|
|
||||||
case NFT_TRANS_PREPARE:
|
|
||||||
+ if (nft_set_is_anonymous(set))
|
|
||||||
+ nft_deactivate_next(ctx->net, set);
|
|
||||||
+
|
|
||||||
set->use--;
|
|
||||||
return;
|
|
||||||
case NFT_TRANS_ABORT:
|
|
||||||
diff --git a/net/netfilter/nft_dynset.c b/net/netfilter/nft_dynset.c
|
|
||||||
index 87f3af4645d9..29c7ae8789e9 100644
|
|
||||||
--- a/net/netfilter/nft_dynset.c
|
|
||||||
+++ b/net/netfilter/nft_dynset.c
|
|
||||||
@@ -342,7 +342,7 @@ static void nft_dynset_activate(const struct nft_ctx *ctx,
|
|
||||||
{
|
|
||||||
struct nft_dynset *priv = nft_expr_priv(expr);
|
|
||||||
|
|
||||||
- priv->set->use++;
|
|
||||||
+ nf_tables_activate_set(ctx, priv->set);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void nft_dynset_destroy(const struct nft_ctx *ctx,
|
|
||||||
diff --git a/net/netfilter/nft_lookup.c b/net/netfilter/nft_lookup.c
|
|
||||||
index 90becbf5bff3..b53a9b807a46 100644
|
|
||||||
--- a/net/netfilter/nft_lookup.c
|
|
||||||
+++ b/net/netfilter/nft_lookup.c
|
|
||||||
@@ -167,7 +167,7 @@ static void nft_lookup_activate(const struct nft_ctx *ctx,
|
|
||||||
{
|
|
||||||
struct nft_lookup *priv = nft_expr_priv(expr);
|
|
||||||
|
|
||||||
- priv->set->use++;
|
|
||||||
+ nf_tables_activate_set(ctx, priv->set);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void nft_lookup_destroy(const struct nft_ctx *ctx,
|
|
||||||
diff --git a/net/netfilter/nft_objref.c b/net/netfilter/nft_objref.c
|
|
||||||
index 94b2327e71dc..3ff91bcaa5f2 100644
|
|
||||||
--- a/net/netfilter/nft_objref.c
|
|
||||||
+++ b/net/netfilter/nft_objref.c
|
|
||||||
@@ -183,7 +183,7 @@ static void nft_objref_map_activate(const struct nft_ctx *ctx,
|
|
||||||
{
|
|
||||||
struct nft_objref_map *priv = nft_expr_priv(expr);
|
|
||||||
|
|
||||||
- priv->set->use++;
|
|
||||||
+ nf_tables_activate_set(ctx, priv->set);
|
|
||||||
}
|
|
||||||
|
|
||||||
static void nft_objref_map_destroy(const struct nft_ctx *ctx,
|
|
@ -1 +1 @@
|
|||||||
Subproject commit 39b1ad2696b8e76f7e33aae243d20117c70b5d50
|
Subproject commit ee33ef60c06953b1aab7d5fcd7369e7a9d80afef
|